[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Wired Story on Uncovering Users of Hidden Services.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
From: blobby@xxxxxxxxxxxxxxx
Date: Wed, 13 Aug 2014 10:06:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 13 Aug 2014 06:06:21 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org; h=user-agent:message-id:subject:subject:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version:received:received; s=openmailbox; t=1407924361; bh=KNh349u3LLQtvoCYzgyYyA66Onyg9UTkzd58GfYAP6c=; b=j8x/Q4lMlrJN ugfjnagmNDZtvuDzT2FQWWD2ANh7tNXrBsrGPV0CJwxiP7A0056WAQGss1saErrf hO5C0emN2FvAUvJGA/XcmGZiCGGfl7LvBy/ajC8Y6iph/xgQntjpq8UGyX36stur +XFal3xfVkpSu7vzhR8LaAZjswlxUVQ=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.2

A recent story in Wired is entitled "Visit the Wrong Website and the FBICould End Up in Your Computer" by Kevin Poulsen(http://www.wired.com/2014/08/operation_torpedo/). The story involvesthe FBI uncovering the IP addresses of numerous users of a Tor hiddenservice.

I know this was mentioned previously(https://lists.torproject.org/pipermail/tor-talk/2014-August/034270.html)but I am interested in a different aspect.

Within the story, there is a link to a PDF of an application for asearch warrant(https://www.documentcloud.org/documents/1261620-torpedo-affidavit.html)which provides illuminating reading (parts are a bit disgusting as theyrefer to the content of the hidden service which was serving childporn).

In short, the FBI arrested the owner of the hidden service, took overthe server, then installed a "Network Investigative Technique" (malware)which collected the IP of visitors. See pages 31-33 of the PDFaffidavit.


Three questions:

If it's possible for the owner of a hidden service (whether the FBI or aregular person) to install malware which grabs visitors' IPs, then whatis stopping any hidden service owner from doing this?

The Wired article states that "In a two-week period, the FBI collectedIP addresses, hardware MAC addresses (a unique hardware identifier forthe computerâs network or Wi-Fi card) and Windows hostnames on at least25 visitors to the sites. Subpoenas to ISPs produced home addresses andsubscriber names, and in April 2013, five months after the NITdeployment, the bureau staged coordinated raids around the country."

However, in the affidavit, I'm not sure that MAC addresses arementioned.

Considering the number of individuals that must have visited the hiddenservice, this doesn't seem to be very many people. Why were so fewidentified? Were the 25 using outdated browsers (TBB)?

How, in this case, was it possible for the FBI to learn the IP addressesof visitors to this hidden service? The Tor hidden server page statesthat "In general, the complete connection between client and hiddenservice consists of 6 relays: 3 of them were picked by the client withthe third being the rendezvous point and the other 3 were picked by thehidden service."

Can someone knowledgeable please explain how visitors to a Tor hiddenservice can have their real IPs detected?



--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Anders Andersson
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] So I Guess Tor Could Never Be Secure No Matter What
Next by Author: [tor-talk] Craigslist now blocking all Tor IPs? Template for anyone:
Previous by thread: [tor-talk] Tor Security Issues???
Next by thread: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Index(es):
- Author
- Thread